I gave up after about 12 pages of replies. Is there a catch somewhere? While I'm interested in computer security, I don't know enough to understand everything going on there. I do get the feeling that it's mostly the server OSes that should worry, since their 'tools' seem to be targeted by this rootkit.

Anyhow, for desktops SSHD is often unneeded (and disabled by default in VL); I reckon most of our users should be fine.

But while the computer may be infected by the rootkit, its primary goal seems to be to give the hacker access to the system using SSHD. So even IF a VL computer catches the file, there's still a pretty good chance that SSHD is not enabled, which should mean no root access to the system for the hacker. But I agree that ideally you don't want the rootkit to be installed in the first place.

This post seems to suggest that it's limited to Red Hat/CentOS-like Linuxes, which would make sense since those are probably the biggest players in the 'enterprise' market (more data to be stolen or faster computers/connections to be used) and closely related. So, even though this is nasty for certain people, this problem might not be a biggie to us.

Still, interesting subject. I don't usually consider the possibility of attracting malicious software of any kind to my Linux install; maybe I should take some more precautions.

You assume that everyone here runs just VL. That is not true. I, for one, also run a server that has CentOS. I'm sure there are other members who also do so.

I meant that for VectorLinux users this particular rootkit might not be a problem. When they use CentOS, they morph into CentOS users and are no longer Vector users (and vice versa).

Joking aside, I was just relieved that our beloved VL was probably not at risk from this particular threat; I use VL for all my Linux needs. Of course this is still a major concern to those using the affected OSes.

Another cPanel exploit. The last was 0-day? One can hope for a quick understanding of the exploit; at least there is a quick fix of sorts. It is advised not to indulge in scripts floating around the internet that claim to solve the issue.

Well... a reinstall would seem futile at this point, as some systems are reinfected, but safeguards would be pertinent. It appears port 22 is a target, but when not found another is sought. There has been an IP identified, from Spain?

Security through obscurity is not security. It doesn't matter if you use port 22 for SSH or another one. I could find it easily enough with a simple port scan. However, SSH keys should be used in lieu of password authentication. Far too many still think password123 is a good password. >.<